diff --git a/vendor.conf b/vendor.conf
index 75c8952638..ec603c7c1f 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -130,7 +130,7 @@ github.com/googleapis/gax-go bd5b16380fd03dc758d11cef74ba
google.golang.org/genproto 3f1135a288c9a07e340ae8ba4cc6c7065a3160e8
# containerd
-github.com/containerd/containerd d4e78200d6da62480c85bf6f26b7221ea938f396
+github.com/containerd/containerd 0edc412565dcc6e3d6125ff9e4b009ad4b89c638 # master (v1.5.0-dev)
github.com/containerd/fifo 0724c46b320cf96bb172a0550c19a4b1fca4dacb
github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165
github.com/containerd/cgroups 0b889c03f102012f1d93a97ddd3ef71cd6f4f510
diff --git a/vendor/github.com/containerd/containerd/README.md b/vendor/github.com/containerd/containerd/README.md
index 320c1121ae..06331484ad 100644
--- a/vendor/github.com/containerd/containerd/README.md
+++ b/vendor/github.com/containerd/containerd/README.md
@@ -1,6 +1,6 @@
-[](https://godoc.org/github.com/containerd/containerd)
+[](https://pkg.go.dev/github.com/containerd/containerd)
[](https://github.com/containerd/containerd/actions?query=workflow%3ACI)
[](https://ci.appveyor.com/project/mlaventure/containerd-3g73f?branch=master)
[](https://github.com/containerd/containerd/actions?query=workflow%3ANightly)
diff --git a/vendor/github.com/containerd/containerd/cio/io.go b/vendor/github.com/containerd/containerd/cio/io.go
index 6637999416..003c6632e3 100644
--- a/vendor/github.com/containerd/containerd/cio/io.go
+++ b/vendor/github.com/containerd/containerd/cio/io.go
@@ -260,6 +260,26 @@ func BinaryIO(binary string, args map[string]string) Creator {
}
}
+// TerminalBinaryIO forwards container STDOUT|STDERR directly to a logging binary
+// It also sets the terminal option to true
+func TerminalBinaryIO(binary string, args map[string]string) Creator {
+ return func(_ string) (IO, error) {
+ uri, err := LogURIGenerator("binary", binary, args)
+ if err != nil {
+ return nil, err
+ }
+
+ res := uri.String()
+ return &logURI{
+ config: Config{
+ Stdout: res,
+ Stderr: res,
+ Terminal: true,
+ },
+ }, nil
+ }
+}
+
// LogFile creates a file on disk that logs the task's STDOUT,STDERR.
// If the log file already exists, the logs will be appended to the file.
func LogFile(path string) Creator {
diff --git a/vendor/github.com/containerd/containerd/container_restore_opts.go b/vendor/github.com/containerd/containerd/container_restore_opts.go
index 03722dba1a..fb60e8de9d 100644
--- a/vendor/github.com/containerd/containerd/container_restore_opts.go
+++ b/vendor/github.com/containerd/containerd/container_restore_opts.go
@@ -87,21 +87,21 @@ func WithRestoreRuntime(ctx context.Context, id string, client *Client, checkpoi
return err
}
}
- var options *ptypes.Any
+ var options ptypes.Any
if m != nil {
store := client.ContentStore()
data, err := content.ReadBlob(ctx, store, *m)
if err != nil {
return errors.Wrap(err, "unable to read checkpoint runtime")
}
- if err := proto.Unmarshal(data, options); err != nil {
+ if err := proto.Unmarshal(data, &options); err != nil {
return err
}
}
c.Runtime = containers.RuntimeInfo{
Name: name,
- Options: options,
+ Options: &options,
}
return nil
}
diff --git a/vendor/github.com/containerd/containerd/content/helpers.go b/vendor/github.com/containerd/containerd/content/helpers.go
index c1c2046186..4c4a35308e 100644
--- a/vendor/github.com/containerd/containerd/content/helpers.go
+++ b/vendor/github.com/containerd/containerd/content/helpers.go
@@ -229,9 +229,47 @@ func seekReader(r io.Reader, offset, size int64) (io.Reader, error) {
return r, nil
}
+// copyWithBuffer is very similar to io.CopyBuffer https://golang.org/pkg/io/#CopyBuffer
+// but instead of using Read to read from the src, we use ReadAtLeast to make sure we have
+// a full buffer before we do a write operation to dst to reduce overheads associated
+// with the write operations of small buffers.
func copyWithBuffer(dst io.Writer, src io.Reader) (written int64, err error) {
- buf := bufPool.Get().(*[]byte)
- written, err = io.CopyBuffer(dst, src, *buf)
- bufPool.Put(buf)
+ // If the reader has a WriteTo method, use it to do the copy.
+ // Avoids an allocation and a copy.
+ if wt, ok := src.(io.WriterTo); ok {
+ return wt.WriteTo(dst)
+ }
+ // Similarly, if the writer has a ReadFrom method, use it to do the copy.
+ if rt, ok := dst.(io.ReaderFrom); ok {
+ return rt.ReadFrom(src)
+ }
+ bufRef := bufPool.Get().(*[]byte)
+ defer bufPool.Put(bufRef)
+ buf := *bufRef
+ for {
+ nr, er := io.ReadAtLeast(src, buf, len(buf))
+ if nr > 0 {
+ nw, ew := dst.Write(buf[0:nr])
+ if nw > 0 {
+ written += int64(nw)
+ }
+ if ew != nil {
+ err = ew
+ break
+ }
+ if nr != nw {
+ err = io.ErrShortWrite
+ break
+ }
+ }
+ if er != nil {
+ // If an EOF happens after reading fewer than the requested bytes,
+ // ReadAtLeast returns ErrUnexpectedEOF.
+ if er != io.EOF && er != io.ErrUnexpectedEOF {
+ err = er
+ }
+ break
+ }
+ }
return
}
diff --git a/vendor/github.com/containerd/containerd/content/local/store_unix.go b/vendor/github.com/containerd/containerd/content/local/store_unix.go
index f5f34fd0cd..270b8db7df 100644
--- a/vendor/github.com/containerd/containerd/content/local/store_unix.go
+++ b/vendor/github.com/containerd/containerd/content/local/store_unix.go
@@ -1,4 +1,4 @@
-// +build linux solaris darwin freebsd
+// +build linux solaris darwin freebsd netbsd
/*
Copyright The containerd Authors.
diff --git a/vendor/github.com/containerd/containerd/content/proxy/content_reader.go b/vendor/github.com/containerd/containerd/content/proxy/content_reader.go
index b06e48fa97..2947a7c821 100644
--- a/vendor/github.com/containerd/containerd/content/proxy/content_reader.go
+++ b/vendor/github.com/containerd/containerd/content/proxy/content_reader.go
@@ -40,7 +40,13 @@ func (ra *remoteReaderAt) ReadAt(p []byte, off int64) (n int, err error) {
Offset: off,
Size_: int64(len(p)),
}
- rc, err := ra.client.Read(ra.ctx, rr)
+ // we need a child context with cancel, or the eventually called
+ // grpc.NewStream will leak the goroutine until the whole thing is cleared.
+ // See comment at https://godoc.org/google.golang.org/grpc#ClientConn.NewStream
+ childCtx, cancel := context.WithCancel(ra.ctx)
+ // we MUST cancel the child context; see comment above
+ defer cancel()
+ rc, err := ra.client.Read(childCtx, rr)
if err != nil {
return 0, err
}
diff --git a/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp_default.go b/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp_default.go
index f1337e6db3..dcf6a75e96 100644
--- a/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp_default.go
+++ b/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp_default.go
@@ -232,6 +232,8 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"openat",
"openat2",
"pause",
+ "pidfd_open",
+ "pidfd_send_signal",
"pipe",
"pipe2",
"poll",
@@ -571,6 +573,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
Names: []string{
"kcmp",
+ "pidfd_getfd",
"process_vm_readv",
"process_vm_writev",
"ptrace",
diff --git a/vendor/github.com/containerd/containerd/mount/mount_linux.go b/vendor/github.com/containerd/containerd/mount/mount_linux.go
index d12a9c5a23..6d28f0a974 100644
--- a/vendor/github.com/containerd/containerd/mount/mount_linux.go
+++ b/vendor/github.com/containerd/containerd/mount/mount_linux.go
@@ -106,26 +106,37 @@ func Unmount(target string, flags int) error {
return nil
}
-func isFUSE(dir string) (bool, error) {
- // fuseSuperMagic is defined in statfs(2)
- const fuseSuperMagic = 0x65735546
+// fuseSuperMagic is defined in statfs(2)
+const fuseSuperMagic = 0x65735546
+
+func isFUSE(dir string) bool {
var st unix.Statfs_t
if err := unix.Statfs(dir, &st); err != nil {
- return false, err
+ return false
}
- return st.Type == fuseSuperMagic, nil
+ return st.Type == fuseSuperMagic
+}
+
+// unmountFUSE attempts to unmount using fusermount/fusermount3 helper binary.
+//
+// For FUSE mounts, using these helper binaries is preferred, see:
+// https://github.com/containerd/containerd/pull/3765#discussion_r342083514
+func unmountFUSE(target string) error {
+ var err error
+ for _, helperBinary := range []string{"fusermount3", "fusermount"} {
+ cmd := exec.Command(helperBinary, "-u", target)
+ err = cmd.Run()
+ if err == nil {
+ return nil
+ }
+ }
+ return err
}
func unmount(target string, flags int) error {
- // For FUSE mounts, attempting to execute fusermount helper binary is preferred
- // https://github.com/containerd/containerd/pull/3765#discussion_r342083514
- if ok, err := isFUSE(target); err == nil && ok {
- for _, helperBinary := range []string{"fusermount3", "fusermount"} {
- cmd := exec.Command(helperBinary, "-u", target)
- if err := cmd.Run(); err == nil {
- return nil
- }
- // ignore error and try unix.Unmount
+ if isFUSE(target) {
+ if err := unmountFUSE(target); err == nil {
+ return nil
}
}
for i := 0; i < 50; i++ {
diff --git a/vendor/github.com/containerd/containerd/pkg/process/exec.go b/vendor/github.com/containerd/containerd/pkg/process/exec.go
index e77e79ae38..7790a4979f 100644
--- a/vendor/github.com/containerd/containerd/pkg/process/exec.go
+++ b/vendor/github.com/containerd/containerd/pkg/process/exec.go
@@ -221,7 +221,7 @@ func (e *execProcess) start(ctx context.Context) (err error) {
if err != nil {
return errors.Wrap(err, "failed to retrieve console master")
}
- if e.console, err = e.parent.Platform.CopyConsole(ctx, console, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg); err != nil {
+ if e.console, err = e.parent.Platform.CopyConsole(ctx, console, e.id, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg); err != nil {
return errors.Wrap(err, "failed to start console copy")
}
} else {
diff --git a/vendor/github.com/containerd/containerd/pkg/process/init.go b/vendor/github.com/containerd/containerd/pkg/process/init.go
index 5cb22460a5..28ca5ac6a0 100644
--- a/vendor/github.com/containerd/containerd/pkg/process/init.go
+++ b/vendor/github.com/containerd/containerd/pkg/process/init.go
@@ -157,7 +157,7 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error {
if err != nil {
return errors.Wrap(err, "failed to retrieve console master")
}
- console, err = p.Platform.CopyConsole(ctx, console, r.Stdin, r.Stdout, r.Stderr, &p.wg)
+ console, err = p.Platform.CopyConsole(ctx, console, p.id, r.Stdin, r.Stdout, r.Stderr, &p.wg)
if err != nil {
return errors.Wrap(err, "failed to start console copy")
}
diff --git a/vendor/github.com/containerd/containerd/pkg/process/init_state.go b/vendor/github.com/containerd/containerd/pkg/process/init_state.go
index 81c6488a02..5273a5d735 100644
--- a/vendor/github.com/containerd/containerd/pkg/process/init_state.go
+++ b/vendor/github.com/containerd/containerd/pkg/process/init_state.go
@@ -172,7 +172,7 @@ func (s *createdCheckpointState) Start(ctx context.Context) error {
if err != nil {
return errors.Wrap(err, "failed to retrieve console master")
}
- console, err = p.Platform.CopyConsole(ctx, console, sio.Stdin, sio.Stdout, sio.Stderr, &p.wg)
+ console, err = p.Platform.CopyConsole(ctx, console, p.id, sio.Stdin, sio.Stdout, sio.Stderr, &p.wg)
if err != nil {
return errors.Wrap(err, "failed to start console copy")
}
diff --git a/vendor/github.com/containerd/containerd/pkg/stdio/platform.go b/vendor/github.com/containerd/containerd/pkg/stdio/platform.go
index 6e1b27cfad..ca8688fc00 100644
--- a/vendor/github.com/containerd/containerd/pkg/stdio/platform.go
+++ b/vendor/github.com/containerd/containerd/pkg/stdio/platform.go
@@ -26,7 +26,7 @@ import (
// Platform handles platform-specific behavior that may differs across
// platform implementations
type Platform interface {
- CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string,
+ CopyConsole(ctx context.Context, console console.Console, id, stdin, stdout, stderr string,
wg *sync.WaitGroup) (console.Console, error)
ShutdownConsole(ctx context.Context, console console.Console) error
Close() error
diff --git a/vendor/github.com/containerd/containerd/platforms/cpuinfo.go b/vendor/github.com/containerd/containerd/platforms/cpuinfo.go
index db65a726b9..0512bc90e0 100644
--- a/vendor/github.com/containerd/containerd/platforms/cpuinfo.go
+++ b/vendor/github.com/containerd/containerd/platforms/cpuinfo.go
@@ -96,6 +96,15 @@ func getCPUVariant() string {
return ""
}
+ // handle edge case for Raspberry Pi ARMv6 devices (which due to a kernel quirk, report "CPU architecture: 7")
+ // https://www.raspberrypi.org/forums/viewtopic.php?t=12614
+ if runtime.GOARCH == "arm" && variant == "7" {
+ model, err := getCPUInfo("model name")
+ if err == nil && strings.HasPrefix(strings.ToLower(model), "armv6-compatible") {
+ variant = "6"
+ }
+ }
+
switch strings.ToLower(variant) {
case "8", "aarch64":
// special case: if running a 32-bit userspace on aarch64, the variant should be "v7"
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go b/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go
index 7a05e3933e..f65c6be381 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go
@@ -106,10 +106,8 @@ func FetchTokenWithOAuth(ctx context.Context, client *http.Client, headers http.
return nil, err
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
- if headers != nil {
- for k, v := range headers {
- req.Header[k] = append(req.Header[k], v...)
- }
+ for k, v := range headers {
+ req.Header[k] = append(req.Header[k], v...)
}
resp, err := ctxhttp.Do(ctx, client, req)
@@ -152,10 +150,8 @@ func FetchToken(ctx context.Context, client *http.Client, headers http.Header, t
return nil, err
}
- if headers != nil {
- for k, v := range headers {
- req.Header[k] = append(req.Header[k], v...)
- }
+ for k, v := range headers {
+ req.Header[k] = append(req.Header[k], v...)
}
reqParams := req.URL.Query()
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go b/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go
index cd0168be5b..9d6708def1 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go
@@ -45,7 +45,7 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R
return nil, errors.Wrap(errdefs.ErrNotFound, "no pull hosts")
}
- ctx, err := contextWithRepositoryScope(ctx, r.refspec, false)
+ ctx, err := ContextWithRepositoryScope(ctx, r.refspec, false)
if err != nil {
return nil, err
}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go b/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go
index 9175b6a7a4..704eba4278 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go
@@ -121,7 +121,7 @@ func (hrs *httpReadSeeker) reader() (io.Reader, error) {
rc, err := hrs.open(hrs.offset)
if err != nil {
- return nil, errors.Wrapf(err, "httpReaderSeeker: failed open")
+ return nil, errors.Wrapf(err, "httpReadSeeker: failed open")
}
if hrs.rc != nil {
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go
index 13fc136859..0a69c8cce6 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go
@@ -45,7 +45,7 @@ type dockerPusher struct {
}
func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (content.Writer, error) {
- ctx, err := contextWithRepositoryScope(ctx, p.refspec, true)
+ ctx, err := ContextWithRepositoryScope(ctx, p.refspec, true)
if err != nil {
return nil, err
}
@@ -130,7 +130,7 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten
var resp *http.Response
if fromRepo := selectRepositoryMountCandidate(p.refspec, desc.Annotations); fromRepo != "" {
preq := requestWithMountFrom(req, desc.Digest.String(), fromRepo)
- pctx := contextWithAppendPullRepositoryScope(ctx, fromRepo)
+ pctx := ContextWithAppendPullRepositoryScope(ctx, fromRepo)
// NOTE: the fromRepo might be private repo and
// auth service still can grant token without error.
@@ -222,7 +222,7 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten
// TODO: Support chunked upload
pr, pw := io.Pipe()
- respC := make(chan *http.Response, 1)
+ respC := make(chan response, 1)
body := ioutil.NopCloser(pr)
req.body = func() (io.ReadCloser, error) {
@@ -240,6 +240,7 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten
defer close(respC)
resp, err := req.do(ctx)
if err != nil {
+ respC <- response{err: err}
pr.CloseWithError(err)
return
}
@@ -251,7 +252,7 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten
log.G(ctx).WithField("resp", resp).WithField("body", string(err.(remoteserrors.ErrUnexpectedStatus).Body)).Debug("unexpected response")
pr.CloseWithError(err)
}
- respC <- resp
+ respC <- response{Response: resp}
}()
return &pushWriter{
@@ -284,12 +285,17 @@ func getManifestPath(object string, dgst digest.Digest) []string {
return []string{"manifests", object}
}
+type response struct {
+ *http.Response
+ err error
+}
+
type pushWriter struct {
base *dockerBase
ref string
pipe *io.PipeWriter
- responseC <-chan *http.Response
+ responseC <-chan response
isManifest bool
expected digest.Digest
@@ -339,8 +345,8 @@ func (pw *pushWriter) Commit(ctx context.Context, size int64, expected digest.Di
// TODO: timeout waiting for response
resp := <-pw.responseC
- if resp == nil {
- return errors.New("no response")
+ if resp.err != nil {
+ return resp.err
}
// 201 is specified return status, some registries return
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/resolver.go b/vendor/github.com/containerd/containerd/remotes/docker/resolver.go
index 07640f23a2..5258d71799 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/resolver.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/resolver.go
@@ -263,7 +263,7 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
return "", ocispec.Descriptor{}, errors.Wrap(errdefs.ErrNotFound, "no resolve hosts")
}
- ctx, err = contextWithRepositoryScope(ctx, refspec, false)
+ ctx, err = ContextWithRepositoryScope(ctx, refspec, false)
if err != nil {
return "", ocispec.Descriptor{}, err
}
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/scope.go b/vendor/github.com/containerd/containerd/remotes/docker/scope.go
index c8541c455c..fe57f023d3 100644
--- a/vendor/github.com/containerd/containerd/remotes/docker/scope.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/scope.go
@@ -26,10 +26,10 @@ import (
"github.com/containerd/containerd/reference"
)
-// repositoryScope returns a repository scope string such as "repository:foo/bar:pull"
+// RepositoryScope returns a repository scope string such as "repository:foo/bar:pull"
// for "host/foo/bar:baz".
// When push is true, both pull and push are added to the scope.
-func repositoryScope(refspec reference.Spec, push bool) (string, error) {
+func RepositoryScope(refspec reference.Spec, push bool) (string, error) {
u, err := url.Parse("dummy://" + refspec.Locator)
if err != nil {
return "", err
@@ -45,9 +45,9 @@ func repositoryScope(refspec reference.Spec, push bool) (string, error) {
// value: []string (e.g. {"registry:foo/bar:pull"})
type tokenScopesKey struct{}
-// contextWithRepositoryScope returns a context with tokenScopesKey{} and the repository scope value.
-func contextWithRepositoryScope(ctx context.Context, refspec reference.Spec, push bool) (context.Context, error) {
- s, err := repositoryScope(refspec, push)
+// ContextWithRepositoryScope returns a context with tokenScopesKey{} and the repository scope value.
+func ContextWithRepositoryScope(ctx context.Context, refspec reference.Spec, push bool) (context.Context, error) {
+ s, err := RepositoryScope(refspec, push)
if err != nil {
return nil, err
}
@@ -66,9 +66,9 @@ func WithScope(ctx context.Context, scope string) context.Context {
return context.WithValue(ctx, tokenScopesKey{}, scopes)
}
-// contextWithAppendPullRepositoryScope is used to append repository pull
+// ContextWithAppendPullRepositoryScope is used to append repository pull
// scope into existing scopes indexed by the tokenScopesKey{}.
-func contextWithAppendPullRepositoryScope(ctx context.Context, repo string) context.Context {
+func ContextWithAppendPullRepositoryScope(ctx context.Context, repo string) context.Context {
return WithScope(ctx, fmt.Sprintf("repository:%s:pull", repo))
}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go b/vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go
index 562ee6ca48..9653454afc 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go
@@ -22,6 +22,7 @@ import (
"context"
"fmt"
"io"
+ "io/ioutil"
"net"
"os"
"os/exec"
@@ -67,23 +68,25 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa
}
defer f.Close()
- var stdoutLog io.ReadWriteCloser
- var stderrLog io.ReadWriteCloser
- if debug {
- stdoutLog, err = v1.OpenShimStdoutLog(ctx, config.WorkDir)
- if err != nil {
- return nil, nil, errors.Wrapf(err, "failed to create stdout log")
- }
-
- stderrLog, err = v1.OpenShimStderrLog(ctx, config.WorkDir)
- if err != nil {
- return nil, nil, errors.Wrapf(err, "failed to create stderr log")
- }
-
- go io.Copy(os.Stdout, stdoutLog)
- go io.Copy(os.Stderr, stderrLog)
+ stdoutCopy := ioutil.Discard
+ stderrCopy := ioutil.Discard
+ stdoutLog, err := v1.OpenShimStdoutLog(ctx, config.WorkDir)
+ if err != nil {
+ return nil, nil, errors.Wrapf(err, "failed to create stdout log")
}
+ stderrLog, err := v1.OpenShimStderrLog(ctx, config.WorkDir)
+ if err != nil {
+ return nil, nil, errors.Wrapf(err, "failed to create stderr log")
+ }
+ if debug {
+ stdoutCopy = os.Stdout
+ stderrCopy = os.Stderr
+ }
+
+ go io.Copy(stdoutCopy, stdoutLog)
+ go io.Copy(stderrCopy, stderrLog)
+
cmd, err := newCommand(binary, daemonAddress, debug, config, f, stdoutLog, stderrLog)
if err != nil {
return nil, nil, err
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim/service_linux.go b/vendor/github.com/containerd/containerd/runtime/v1/shim/service_linux.go
index 65a8666e44..98ee4cf769 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/shim/service_linux.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/service_linux.go
@@ -19,10 +19,14 @@ package shim
import (
"context"
"io"
+ "net/url"
+ "os"
"sync"
"syscall"
"github.com/containerd/console"
+ "github.com/containerd/containerd/namespaces"
+ "github.com/containerd/containerd/runtime"
"github.com/containerd/fifo"
"github.com/pkg/errors"
)
@@ -31,7 +35,7 @@ type linuxPlatform struct {
epoller *console.Epoller
}
-func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, wg *sync.WaitGroup) (console.Console, error) {
+func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console, id, stdin, stdout, stderr string, wg *sync.WaitGroup) (cons console.Console, retErr error) {
if p.epoller == nil {
return nil, errors.New("uninitialized epoller")
}
@@ -59,26 +63,98 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
}()
}
- outw, err := fifo.OpenFifo(ctx, stdout, syscall.O_WRONLY, 0)
+ uri, err := url.Parse(stdout)
if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "unable to parse stdout uri")
}
- outr, err := fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY, 0)
- if err != nil {
- return nil, err
+
+ switch uri.Scheme {
+ case "binary":
+ ns, err := namespaces.NamespaceRequired(ctx)
+ if err != nil {
+ return nil, err
+ }
+
+ cmd := runtime.NewBinaryCmd(uri, id, ns)
+
+ // In case of unexpected errors during logging binary start, close open pipes
+ var filesToClose []*os.File
+
+ defer func() {
+ if retErr != nil {
+ runtime.CloseFiles(filesToClose...)
+ }
+ }()
+
+ // Create pipe to be used by logging binary for Stdout
+ outR, outW, err := os.Pipe()
+ if err != nil {
+ return nil, errors.Wrap(err, "failed to create stdout pipes")
+ }
+ filesToClose = append(filesToClose, outR)
+
+ // Stderr is created for logging binary but unused when terminal is true
+ serrR, _, err := os.Pipe()
+ if err != nil {
+ return nil, errors.Wrap(err, "failed to create stderr pipes")
+ }
+ filesToClose = append(filesToClose, serrR)
+
+ r, w, err := os.Pipe()
+ if err != nil {
+ return nil, err
+ }
+ filesToClose = append(filesToClose, r)
+
+ cmd.ExtraFiles = append(cmd.ExtraFiles, outR, serrR, w)
+
+ wg.Add(1)
+ cwg.Add(1)
+ go func() {
+ cwg.Done()
+ io.Copy(outW, epollConsole)
+ outW.Close()
+ wg.Done()
+ }()
+
+ if err := cmd.Start(); err != nil {
+ return nil, errors.Wrap(err, "failed to start logging binary process")
+ }
+
+ // Close our side of the pipe after start
+ if err := w.Close(); err != nil {
+ return nil, errors.Wrap(err, "failed to close write pipe after start")
+ }
+
+ // Wait for the logging binary to be ready
+ b := make([]byte, 1)
+ if _, err := r.Read(b); err != nil && err != io.EOF {
+ return nil, errors.Wrap(err, "failed to read from logging binary")
+ }
+ cwg.Wait()
+
+ default:
+ outw, err := fifo.OpenFifo(ctx, stdout, syscall.O_WRONLY, 0)
+ if err != nil {
+ return nil, err
+ }
+ outr, err := fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY, 0)
+ if err != nil {
+ return nil, err
+ }
+ wg.Add(1)
+ cwg.Add(1)
+ go func() {
+ cwg.Done()
+ p := bufPool.Get().(*[]byte)
+ defer bufPool.Put(p)
+ io.CopyBuffer(outw, epollConsole, *p)
+ outw.Close()
+ outr.Close()
+ wg.Done()
+ }()
+ cwg.Wait()
}
- wg.Add(1)
- cwg.Add(1)
- go func() {
- cwg.Done()
- p := bufPool.Get().(*[]byte)
- defer bufPool.Put(p)
- io.CopyBuffer(outw, epollConsole, *p)
- outw.Close()
- outr.Close()
- wg.Done()
- }()
- cwg.Wait()
return epollConsole, nil
}
diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim/service_unix.go b/vendor/github.com/containerd/containerd/runtime/v1/shim/service_unix.go
index 3c614531e4..93c9f59af2 100644
--- a/vendor/github.com/containerd/containerd/runtime/v1/shim/service_unix.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/service_unix.go
@@ -21,17 +21,22 @@ package shim
import (
"context"
"io"
+ "net/url"
+ "os"
"sync"
"syscall"
"github.com/containerd/console"
+ "github.com/containerd/containerd/namespaces"
+ "github.com/containerd/containerd/runtime"
"github.com/containerd/fifo"
+ "github.com/pkg/errors"
)
type unixPlatform struct {
}
-func (p *unixPlatform) CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, wg *sync.WaitGroup) (console.Console, error) {
+func (p *unixPlatform) CopyConsole(ctx context.Context, console console.Console, id, stdin, stdout, stderr string, wg *sync.WaitGroup) (cons console.Console, retErr error) {
var cwg sync.WaitGroup
if stdin != "" {
in, err := fifo.OpenFifo(ctx, stdin, syscall.O_RDONLY, 0)
@@ -47,28 +52,98 @@ func (p *unixPlatform) CopyConsole(ctx context.Context, console console.Console,
io.CopyBuffer(console, in, *p)
}()
}
- outw, err := fifo.OpenFifo(ctx, stdout, syscall.O_WRONLY, 0)
+ uri, err := url.Parse(stdout)
if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "unable to parse stdout uri")
}
- outr, err := fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY, 0)
- if err != nil {
- return nil, err
- }
- wg.Add(1)
- cwg.Add(1)
- go func() {
- cwg.Done()
- p := bufPool.Get().(*[]byte)
- defer bufPool.Put(p)
- io.CopyBuffer(outw, console, *p)
- console.Close()
- outr.Close()
- outw.Close()
- wg.Done()
- }()
- cwg.Wait()
+ switch uri.Scheme {
+ case "binary":
+ ns, err := namespaces.NamespaceRequired(ctx)
+ if err != nil {
+ return nil, err
+ }
+
+ cmd := runtime.NewBinaryCmd(uri, id, ns)
+
+ // In case of unexpected errors during logging binary start, close open pipes
+ var filesToClose []*os.File
+
+ defer func() {
+ if retErr != nil {
+ runtime.CloseFiles(filesToClose...)
+ }
+ }()
+
+ // Create pipe to be used by logging binary for Stdout
+ outR, outW, err := os.Pipe()
+ if err != nil {
+ return nil, errors.Wrap(err, "failed to create stdout pipes")
+ }
+ filesToClose = append(filesToClose, outR)
+
+ // Stderr is created for logging binary but unused when terminal is true
+ serrR, _, err := os.Pipe()
+ if err != nil {
+ return nil, errors.Wrap(err, "failed to create stderr pipes")
+ }
+ filesToClose = append(filesToClose, serrR)
+
+ r, w, err := os.Pipe()
+ if err != nil {
+ return nil, err
+ }
+ filesToClose = append(filesToClose, r)
+
+ cmd.ExtraFiles = append(cmd.ExtraFiles, outR, serrR, w)
+
+ wg.Add(1)
+ cwg.Add(1)
+ go func() {
+ cwg.Done()
+ io.Copy(outW, console)
+ outW.Close()
+ wg.Done()
+ }()
+
+ if err := cmd.Start(); err != nil {
+ return nil, errors.Wrap(err, "failed to start logging binary process")
+ }
+
+ // Close our side of the pipe after start
+ if err := w.Close(); err != nil {
+ return nil, errors.Wrap(err, "failed to close write pipe after start")
+ }
+
+ // Wait for the logging binary to be ready
+ b := make([]byte, 1)
+ if _, err := r.Read(b); err != nil && err != io.EOF {
+ return nil, errors.Wrap(err, "failed to read from logging binary")
+ }
+ cwg.Wait()
+
+ default:
+ outw, err := fifo.OpenFifo(ctx, stdout, syscall.O_WRONLY, 0)
+ if err != nil {
+ return nil, err
+ }
+ outr, err := fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY, 0)
+ if err != nil {
+ return nil, err
+ }
+ wg.Add(1)
+ cwg.Add(1)
+ go func() {
+ cwg.Done()
+ p := bufPool.Get().(*[]byte)
+ defer bufPool.Put(p)
+ io.CopyBuffer(outw, console, *p)
+ outw.Close()
+ outr.Close()
+ wg.Done()
+ }()
+ cwg.Wait()
+ }
return console, nil
}
diff --git a/vendor/github.com/containerd/containerd/sys/stat_bsd.go b/vendor/github.com/containerd/containerd/sys/stat_bsd.go
index b9c95d90d7..4f03cd6cb0 100644
--- a/vendor/github.com/containerd/containerd/sys/stat_bsd.go
+++ b/vendor/github.com/containerd/containerd/sys/stat_bsd.go
@@ -1,4 +1,4 @@
-// +build darwin freebsd
+// +build darwin freebsd netbsd
/*
Copyright The containerd Authors.
diff --git a/vendor/github.com/containerd/containerd/vendor.conf b/vendor/github.com/containerd/containerd/vendor.conf
index ad72fb6d2c..79f6f2a188 100644
--- a/vendor/github.com/containerd/containerd/vendor.conf
+++ b/vendor/github.com/containerd/containerd/vendor.conf
@@ -1,14 +1,14 @@
github.com/beorn7/perks v1.0.1
github.com/BurntSushi/toml v0.3.1
github.com/cespare/xxhash/v2 v2.1.1
-github.com/containerd/btrfs 153935315f4ab9be5bf03650a1341454b05efa5d
-github.com/containerd/cgroups 318312a373405e5e91134d8063d04d59768a1bff
-github.com/containerd/console v1.0.0
+github.com/containerd/btrfs 404b9149801e455c8076f615b06dc0abee0a977a
+github.com/containerd/cgroups 0b889c03f102012f1d93a97ddd3ef71cd6f4f510
+github.com/containerd/console v1.0.1
github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165
-github.com/containerd/fifo f15a3290365b9d2627d189e619ab4008e0069caf
+github.com/containerd/fifo 0724c46b320cf96bb172a0550c19a4b1fca4dacb
github.com/containerd/go-runc 7016d3ce2328dd2cb1192b2076ebd565c4e8df0c
-github.com/containerd/nri 0afc7f031eaf9c7d9c1a381b7ab5462e89c998fc
-github.com/containerd/ttrpc v1.0.1
+github.com/containerd/nri eb1350a75164f76de48e3605389e7a3fbc85d06e
+github.com/containerd/ttrpc v1.0.2
github.com/containerd/typeurl v1.0.1
github.com/coreos/go-systemd/v22 v22.1.0
github.com/cpuguy83/go-md2man/v2 v2.0.0
@@ -26,10 +26,10 @@ github.com/hashicorp/errwrap v1.0.0
github.com/hashicorp/go-multierror v1.0.0
github.com/hashicorp/golang-lru v0.5.3
github.com/imdario/mergo v0.3.7
-github.com/konsorten/go-windows-terminal-sequences v1.0.3
github.com/matttproud/golang_protobuf_extensions v1.0.1
github.com/Microsoft/go-winio v0.4.14
-github.com/Microsoft/hcsshim v0.8.9
+github.com/Microsoft/hcsshim v0.8.10
+github.com/moby/sys symlink/v0.1.0
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.0.1
github.com/opencontainers/runc v1.0.0-rc92
@@ -41,14 +41,14 @@ github.com/prometheus/common v0.9.1
github.com/prometheus/procfs v0.0.11
github.com/russross/blackfriday/v2 v2.0.1
github.com/shurcooL/sanitized_anchor_name v1.0.0
-github.com/sirupsen/logrus v1.6.0
+github.com/sirupsen/logrus v1.7.0
github.com/syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2
github.com/urfave/cli v1.22.1 # NOTE: urfave/cli must be <= v1.22.1 due to a regression: https://github.com/urfave/cli/issues/1092
go.etcd.io/bbolt v1.3.5
go.opencensus.io v0.22.0
golang.org/x/net ab34263943818b32f575efc978a3d24e80b04bd7
golang.org/x/sync 42b317875d0fa942474b76e1b46a6060d720ae6e
-golang.org/x/sys ed371f2e16b4b305ee99df548828de367527b76b
+golang.org/x/sys 0aaa2718063a42560507fce2cc04508608ca23b3
golang.org/x/text v0.3.3
google.golang.org/genproto e50cd9704f63023d62cd06a1994b98227fc4d21a
google.golang.org/grpc v1.27.1
@@ -58,9 +58,7 @@ gotest.tools/v3 v3.0.2
github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28
# cri dependencies
-github.com/containerd/cri 35e623e6bf7512e8c82b8ac6052cb1d720189f28 # master
github.com/davecgh/go-spew v1.1.1
-github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f
github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528
github.com/emicklei/go-restful v2.9.5
github.com/go-logr/logr v0.2.0
@@ -69,21 +67,24 @@ github.com/json-iterator/go v1.1.10
github.com/modern-go/concurrent 1.0.3
github.com/modern-go/reflect2 v1.0.1
github.com/opencontainers/selinux v1.6.0
+github.com/pmezard/go-difflib v1.0.0
+github.com/stretchr/testify v1.4.0
github.com/tchap/go-patricia v2.2.6
-github.com/willf/bitset d5bec3311243426a3c6d1b7a795f24b17c686dbb # 1.1.10+ used by selinux pkg
+github.com/willf/bitset v1.1.11
golang.org/x/crypto 75b288015ac94e66e3d6715fb68a9b41bf046ec2
golang.org/x/oauth2 858c2ad4c8b6c5d10852cb89079f6ca1c7309787
golang.org/x/time 555d28b269f0569763d25dbe1a237ae74c6bcc82
gopkg.in/inf.v0 v0.9.1
gopkg.in/yaml.v2 v2.2.8
-k8s.io/api v0.19.0-rc.4
-k8s.io/apimachinery v0.19.0-rc.4
-k8s.io/apiserver v0.19.0-rc.4
-k8s.io/client-go v0.19.0-rc.4
-k8s.io/cri-api v0.19.0-rc.4
+k8s.io/api v0.19.4
+k8s.io/apimachinery v0.19.4
+k8s.io/apiserver v0.19.4
+k8s.io/client-go v0.19.4
+k8s.io/component-base v0.19.4
+k8s.io/cri-api v0.19.4
k8s.io/klog/v2 v2.2.0
-k8s.io/utils 2df71ebbae66f39338aed4cd0bb82d2212ee33cc
-sigs.k8s.io/structured-merge-diff/v3 v3.0.0
+k8s.io/utils d5654de09c73da55eb19ae4ab4f734f7a61747a6
+sigs.k8s.io/structured-merge-diff/v4 v4.0.1
sigs.k8s.io/yaml v1.2.0
# cni dependencies
@@ -99,8 +100,8 @@ github.com/fullsailor/pkcs7 8306686428a5fe132eac8cb7c484
gopkg.in/square/go-jose.v2 v2.3.1
# zfs dependencies
-github.com/containerd/zfs 9abf673ca6ff9ab8d9bd776a4ceff8f6dc699c3d
+github.com/containerd/zfs 0a33824f23a2ab8ec84166f47b571ecb793b0354
github.com/mistifyio/go-zfs f784269be439d704d3dfa1906f45dd848fed2beb
# aufs dependencies
-github.com/containerd/aufs 371312c1e31c210a21e49bf3dfd3f31729ed9f2f
+github.com/containerd/aufs dab0cbea06f43329c07667afe1a70411ad555a86